-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
馃殌 Feature: Dynamic state in OAuth2 #5520
Comments
@gepd, thanks for creating this issue! 馃檹馃徏
What you're describing isn't specific to your provider. This is a standard part of OAuth2. See this. This is something that would be nice to have in Appwrite.
This is expected because the user still has a session with the OAuth2 provider and the user has already granted Appwrite access to the account. Some providers allow passing some additional parameters to tweak the behavior. For example, |
Hi @gepd - if no further help is needed, can you please close the issue? |
馃敄 Feature description
Would great to have an option to work with dynamic state in OAuth2
馃帳 Pitch
In my case my provider has a requirement to have a dynamic state to use its oauth2 authentication (its a private one).
Stateless have the benefit to avoid to re-type your credentials again. But when you have sensitive data, if you close your session is essential to identificate the user again.
Currently if you close your session and log in again the session will be create again without ask for any credentials
Talking with Steven: https://discord.com/channels/564160730845151244/1105607724575768607 we agree the hard part is to maintain the state and validate it
I open this issue to discuss about it
馃憖 Have you spent some time to check if this issue has been raised before?
馃彚 Have you read the Code of Conduct?
The text was updated successfully, but these errors were encountered: